Здравствуйте,

У меня на выходных были 2 занятия на английском по Securing Microsoft Application. Но препод еле связывал слова один с другим. Никто ничего не понял толком. Все материалы что у нас есть это презентация.
Помогите решить тесты (всего 10). Гуглил, читал википедию, некоторые ответы нашел, некоторые нет, помогите.
Обозначил "Х" ответы, которые я считаю правильными.

Module 1: Overview of Application Security
1. You are leading a team of programmers who are assigned the task of developing a Web-based catalog management system. Your team is almost ready to deliver the solution to the clients when a flaw in the logon page of the application is discovered, which can lead to security vulnerability for the malicious users. Which is the best way to solve this problem?
a. Turn off the feature temporarily.
b. Ship the system to the clients and release a patch later.
X Inform the client about the vulnerability and extend the delivery date.
d. None of these actions.


2. Windows .NET Server Telnet runs with normal user privileges, which ensures that a malicious user cannot exploit a security vulnerability of this service to manipulate the system. This is an example of:
a. Secure by design
X Secure by default
c. Secure in deployment
d. Secure by communication


3. You are using SQL Server to store credit-card information of your clients. While implementing server security, you discover that a malicious user has been able to access the credit-card information stored in the database. Identify the STRIDE category or categories for this threat.
a. Spoofing
b. Tampering with data
c. Repudiation
X Information disclosure
e. Denial of service
f. Elevation of privilege


4. You are creating a Web Form for an organization that captures employee details, such as name, age, salary, and department. What type of input validation check(s) will you perform on the "Age" field?
X Type check
b. Length check
c. Range check
d. Format check

Module 2: Implementing Platform Security Best Practices
5. Gigi Mathew, an employee of the local telephone company, calls you and requests access to your secure remote location for a routine telephone line check. Which of the following options will you follow?
a. Allow him to access the server. All local regulations give telephone companies access precedence for routine maintenance.
b. Grant access and rely on the firewall.
c. Check the documented access control policy, which might contain an access list. If his name is in the list, allow him to access the server.
X Refuse him access to the server.
6. Which of the following logs can be viewed by everyone?
a. Security log
b. System log
X Application log
d. All three
e. None of these three


Module 4: Implementing Coding Security Best Practices

7. Your Web application contains a Web form in which a user can input a logon name and password. However, users cannot leave the logon name and password fields blank. The logon name should contain alphabets only, and the password field should contain alphanumeric characters and must start with an alphabet. Which validation control(s) will you use to ensure that the user input is validated?
a. RequiredFieldValidator
b. RangeValidator
c. CompareValidator
X RegularExpressionValidator


8. You are building a Web Form that accepts a credit card number from the user. What type of validation control will you use to validate the credit card number?
a. RequiredFieldValidator
b. RegularExpressionValidator
c. CompareValidator
d. RangeValidator


9. You have used the regular expression ^[cd]:(?:\\\w+)+\\\w{1,32}\.(jpg¦mp3 | zip)$ for validating file names entered by a user. Which files are invalid when used with this regular expression?
a. e:\courses\2840A\MySong.mp3
b. c:\courses\2840A\Module3\MyPicture.jpg::$DATA
c. c:\courses\2840A\MyProfile.zip
X c:\courses\2840A\Title.mp3


10. A local computer on a network has the following properties:
ComputerName="LONDON"
IP Address=192.168.0.1
Which formats can you use to access the computer locally?
a. \\localhost
b. \\192.168.0.1
c. \\LONDON
d. \\127.0.0.1
X All the above

ап, кто знает подскажите хотябы которые с ответов - правильные